From nobody Sun Nov 1 03:39:52 2015
From: Ted Lemon
To: "ietf@ietf.org"
Date: Sun, 1 Nov 2015 06:39:44 -0500
Subject: [perpass] Email BAR BOF in Yokohama will be Tuesday at 8pm.
List-Id: "The perpass list is for IETF discussion of pervasive monitoring."

This conflicts a bit with the social, but it was the day the most people said they were available. I will be at the location (TBD) at 8; if you're at the social at 8 and not ready to leave yet, please come by anyway.

I haven't determined what the location will be because bars at the hotel seem to be a bit more formal than we're used to. If anybody has any suggestions, please let me know (privately). I will send out an update tomorrow with a definite location.

From nobody Sun Nov 1 12:07:12 2015
From: Ted Lemon
To: "ietf@ietf.org", "perpass@ietf.org"
Date: Sun, 1 Nov 2015 20:07:08 +0000
Subject: Re: [perpass] Email BAR BOF in Yokohama will be Tuesday at 8pm.

> What is the intent of the “email bar bof” ? Please provide 2 line description please or a pointer.

The point of the email Bar BOF is to allow various people who have been interested in discussing improvements to email both with respect to perpass and with respect to what has been discussed on the IETF mailing list over the past week or so. If it were a well-focused and well-characterized proposal, maybe we would have asked for an actual BoF. :)

What I intend to do is ask everybody who shows up why they showed up, make a list of the reasons, and see if there is enough crossover that there is something to discuss. It may be that there is not.

Thanks!

From nobody Mon Nov 2 19:45:25 2015
From: Ted Lemon
To: "ietf@ietf.org", "perpass@ietf.org"
Date: Tue, 3 Nov 2015 03:45:20 +0000
Subject: [perpass] Email bar bof in Yokohama: location.

I've decided that given that the bar bof somewhat coincides with social, the right place to do it is on the same hotel. So I propose that we meet in Jack's bar in the Yokohama Bay Hotel Tokyu. This is just into the Queen's mall, to the left as you enter from the conference center.

I will be there at 8pm. Please let me know if you intend to come and if you might be later than 8. Please reply just to me.
Thanks!

From nobody Mon Nov 2 20:08:00 2015
From: "Christian Huitema"
To: Ted Lemon, "ietf@ietf.org", "perpass@ietf.org"
Date: Tue, 3 Nov 2015 13:07:39 +0900
Subject: Re: [perpass] Email bar bof in Yokohama: location.

Jack’s bar has JPY 1000 cover charge. Hope that’s not a problem…

From: Ted Lemon
Sent: Tuesday, November 3, 2015 12:45 PM
To: ietf@ietf.org;perpass@ietf.org
Subject: [perpass] Email bar bof in Yokohama: location.

I've decided that given that the bar bof somewhat coincides with social, the right place to do it is on the same hotel. So I propose that we meet in Jack's bar in the Yokohama Bay Hotel Tokyu. This is just into the Queen's mall, to the left as you enter from the conference center.

I will be there at 8pm. Please let me know if you intend to come and if you might be later than 8. Please reply just to me.

Thanks!

_______________________________________________
perpass mailing list
perpass@ietf.org
https://www.ietf.org/mailman/listinfo/perpass

From nobody Tue Nov 3 00:14:13 2015
From: Ted Lemon
To: "Christian Huitema", "ietf@ietf.org", "perpass@ietf.org"
Date: Tue, 3 Nov 2015 08:14:06 +0000
Subject: Re: [perpass] Email bar bof in Yokohama: location.

> Jack’s bar has JPY 1000 cover charge. Hope that’s not a problem…

Argh. It's certainly a screwup on my part. I'm afraid that changing the venue now will result in half of the interested people not coming, though, so we are pretty much stuck. So much for my clever optimization.
:(

From nobody Wed Nov 4 20:35:25 2015
From: Joseph Lorenzo Hall
To: perpass, Stephane Bortzmeyer
Date: Thu, 5 Nov 2015 13:34:55 +0900
Subject: [perpass] Fwd: [dns-privacy] We'll have stakeholders in Great Britain...

(moving a thread from Stephane on dns-privacy here to perpass)

I wanted to highlight for perpass the draft UK Bill [1] that dropped yesterday.

It includes the following language in Section 71(9) that ISPs, on notice, will need to retain the following for one year (and, yes, some of this is completely crazypants and totally unclear how to map these concepts onto technical concepts):

----

(9) In this Part “relevant communications data” means communications data which may be used to identify, or assist in identifying, any of the following—

(a) the sender or recipient of a communication (whether or not a person),
(b) the time or duration of a communication,
(c) the type, method or pattern, or fact, of communication,
(d) the telecommunication system (or any part of it) from, to or through which, or by means of which, a communication is or may be transmitted,
(e) the location of any such system, or
(f) the internet protocol address, or other identifier, of any apparatus to which a communication is transmitted for the purpose of obtaining access to, or running, a computer file or computer program.

In this subsection “identifier” means an identifier used to facilitate the transmission of a communication.

----

While the press before had highlighted this bill would require retaining "web browsing history" it seems both somewhat worse, and potentially Netflow data for what seems like all an ISPs subscribers.

Wondering if others have thoughts.

best, Joe

[1]: https://www.gov.uk/government/uploads/system/uploads/attachment_data/file/473770/Draft_Investigatory_Powers_Bill.pdf

---------- Forwarded message ----------
From: Stephane Bortzmeyer
Date: Wed, Nov 4, 2015 at 10:28 PM
Subject: [dns-privacy] We'll have stakeholders in Great Britain...
To: dns-privacy@ietf.org

http://www.bbc.com/news/uk-politics-34715872

The bill will force companies to hold "internet connection records" for 12 months so they can be requested by authorities.

Such data would consist of a basic domain address,

_______________________________________________
dns-privacy mailing list
dns-privacy@ietf.org
https://www.ietf.org/mailman/listinfo/dns-privacy

--
Joseph Lorenzo Hall
Chief Technologist
Center for Democracy & Technology
1634 I ST NW STE 1100
Washington DC 20006-4011
(p) 202-407-8825
(f) 202-637-0968
joe@cdt.org
PGP: https://josephhall.org/gpg-key
fingerprint: 3CA2 8D7B 9F6D DBD3 4B10 1607 5F86 6987 40A9 A871

From nobody Wed Nov 4 21:09:01 2015
From: Robin Wilton
To: Joseph Hall Lorenzo
Cc: perpass, Stephane Bortzmeyer
Date: Thu, 5 Nov 2015 05:08:52 +0000
Subject: Re: [perpass] [dns-privacy] We'll have stakeholders in Great Britain...

It’s very hard to work out exactly what UK policymakers think they are aiming for here… quite possibly because their own understanding is less than perfect.

In the parliamentary debate yesterday, the Home Secretary repeatedly referred to retention of “the first page or device accessed by a user”.

I don’t think I know what that means.

I also wonder, for instance, how that would work in a “portal”-style environment, where a single “landing page” could contain dynamic content elements.

Nor is it clear to me whether, once I visit a site, my CSP would have to log the “first connection” my browser gets to each embedded third-party-served element on that page (e.g. ads, ssh sessions etc… etc…).
If it does, there’s potential for this measure to result in volumes of data that are so large as to be increasingly unusable. (Obviously, as a privacy-concerned citizen, if the interceptors drown in data, I can see an upside in that ;^) )

I will be looking at the detail of the Bill over the coming days, and no doubt ISOC will be publishing some analysis, comments and conclusions.

Yrs.,
Robin

Robin Wilton
Technical Outreach Director - Identity and Privacy
Internet Society

email: wilton@isoc.org
Phone: +44 705 005 2931
Twitter: @futureidentity

On 5 Nov 2015, at 04:34, Joseph Lorenzo Hall wrote:

> (moving a thread from Stephane on dns-privacy here to perpass)
>
> I wanted to highlight for perpass the draft UK Bill [1] that dropped yesterday.
>
> It includes the following language in Section 71(9) that ISPs, on
> notice, will need to retain the following for one year (and, yes, some
> of this is completely crazypants and totally unclear how to map these
> concepts onto technical concepts):
>
> ----
>
> (9) In this Part “relevant communications data” means communications
> data which may be used to identify, or assist in identifying, any of
> the following—
>
> (a) the sender or recipient of a communication (whether or not a person),
> (b) the time or duration of a communication,
> (c) the type, method or pattern, or fact, of communication,
> (d) the telecommunication system (or any part of it) from, to or
> through which, or by means of which, a communication is or may be
> transmitted,
> (e) the location of any such system, or
> (f) the internet protocol address, or other identifier, of any
> apparatus to which a communication is transmitted for the purpose of
> obtaining access to, or running, a computer file or computer program.
>
> In this subsection “identifier” means an identifier used to facilitate
> the transmission of a communication.
>
> ----
>
> While the press before had highlighted this bill would require
> retaining "web browsing history" it seems both somewhat worse, and
> potentially Netflow data for what seems like all an ISPs subscribers.
>
> Wondering if others have thoughts.
>
> best, Joe
>
> [1]: https://www.gov.uk/government/uploads/system/uploads/attachment_data/file/473770/Draft_Investigatory_Powers_Bill.pdf
>
> ---------- Forwarded message ----------
> From: Stephane Bortzmeyer
> Date: Wed, Nov 4, 2015 at 10:28 PM
> Subject: [dns-privacy] We'll have stakeholders in Great Britain...
> To: dns-privacy@ietf.org
>
> http://www.bbc.com/news/uk-politics-34715872
>
> The bill will force companies to hold "internet connection records"
> for 12 months so they can be requested by authorities.
>
> Such data would consist of a basic domain address,

From nobody Wed Nov 4 21:46:00 2015
From: Joseph Lorenzo Hall
To: Robin Wilton
Cc: perpass, Stephane Bortzmeyer
Date: Thu, 5 Nov 2015 14:45:35 +0900
Subject: Re: [perpass] [dns-privacy] We'll have stakeholders in Great Britain...

I should also point out, on a different part of the Bill, section 189, "Maintenance of technical capability" requires non-UK providers/companies to provide access to cleartext.

e.g., this part reaches non-UK folks:

"An obligation specified in regulations under this section may be imposed on, and a technical capability notice given to, persons outside the United Kingdom (and may require things to be done, or not to be done, outside the United Kingdom)"

:/

On Thu, Nov 5, 2015 at 2:08 PM, Robin Wilton wrote:
> It’s very hard to work out exactly what UK policymakers think they are aiming for here… quite possibly because their own understanding is less than perfect.
>
> In the parliamentary debate yesterday, the Home Secretary repeatedly referred to retention of “the first page or device accessed by a user”.
>
> I don’t think I know what that means.
>
> I also wonder, for instance, how that would work in a “portal”-style environment, where a single “landing page” could contain dynamic content elements.
>
> Nor is it clear to me whether, once I visit a site, my CSP would have to log the “first connection” my browser gets to each embedded third-party-served element on that page (e.g. ads, ssh sessions etc… etc…).
> If it does, there’s potential for this measure to result in volumes of data that are so large as to be increasingly unusable. (Obviously, as a privacy-concerned citizen, if the interceptors drown in data, I can see an upside in that ;^) )
>
> I will be looking at the detail of the Bill over the coming days, and no doubt ISOC will be publishing some analysis, comments and conclusions.
>
> Yrs.,
> Robin
>
> Robin Wilton
> Technical Outreach Director - Identity and Privacy
> Internet Society
>
> email: wilton@isoc.org
> Phone: +44 705 005 2931
> Twitter: @futureidentity
>
> On 5 Nov 2015, at 04:34, Joseph Lorenzo Hall wrote:
>
>> (moving a thread from Stephane on dns-privacy here to perpass)
>>
>> I wanted to highlight for perpass the draft UK Bill [1] that dropped yesterday.
>> >> It includes the following language in Section 71(9) that ISPs, on >> notice, will need to retain the following for one year (and, yes, some >> of this is completely crazypants and totally unclear how to map these >> concepts onto technical concepts): >> >> ---- >> >> (9) In this Part =E2=80=9Crelevant communications data=E2=80=9D means co= mmunications >> data which may be used to identify, or assist in identifying, any of >> the following=E2=80=94 >> >> (a) the sender or recipient of a communication (whether or not a per= son), >> (b) the time or duration of a communication, >> (c) the type, method or pattern, or fact, of communication, >> (d) the telecommunication system (or any part of it) from, to or >> through which, or by means of which, a communication is or may be >> transmitted, >> (e) the location of any such system, or >> (f) the internet protocol address, or other identifier, of any >> apparatus to which a communication is transmitted for the purpose of >> obtaining access to, or running, a computer file or computer program. >> >> In this subsection =E2=80=9Cidentifier=E2=80=9D means an identifier used= to facilitate >> the transmission of a communication. >> >> ---- >> >> While the press before had highlighted this bill would require >> retaining "web browsing history" it seems both somewhat worse, and >> potentially Netflow data for what seems like all an ISPs subscribers. >> >> Wondering if others have thoughts. >> >> best, Joe >> >> [1]: https://www.gov.uk/government/uploads/system/uploads/attachment_dat= a/file/473770/Draft_Investigatory_Powers_Bill.pdf >> >> ---------- Forwarded message ---------- >> From: Stephane Bortzmeyer >> Date: Wed, Nov 4, 2015 at 10:28 PM >> Subject: [dns-privacy] We'll have stakeholders in Great Britain... >> To: dns-privacy@ietf.org >> >> >> http://www.bbc.com/news/uk-politics-34715872 >> >> The bill will force companies to hold "internet connection records" >> for 12 months so they can be requested by authorities. 
>> >> Such data would consist of a basic domain address, >> >> _______________________________________________ >> dns-privacy mailing list >> dns-privacy@ietf.org >> https://www.ietf.org/mailman/listinfo/dns-privacy >> >> >> -- >> Joseph Lorenzo Hall >> Chief Technologist >> Center for Democracy & Technology >> 1634 I ST NW STE 1100 >> Washington DC 20006-4011 >> (p) 202-407-8825 >> (f) 202-637-0968 >> joe@cdt.org >> PGP: https://josephhall.org/gpg-key >> fingerprint: 3CA2 8D7B 9F6D DBD3 4B10 1607 5F86 6987 40A9 A871 >> >> _______________________________________________ >> perpass mailing list >> perpass@ietf.org >> https://www.ietf.org/mailman/listinfo/perpass > --=20 Joseph Lorenzo Hall Chief Technologist Center for Democracy & Technology 1634 I ST NW STE 1100 Washington DC 20006-4011 (p) 202-407-8825 (f) 202-637-0968 joe@cdt.org PGP: https://josephhall.org/gpg-key fingerprint: 3CA2 8D7B 9F6D DBD3 4B10 1607 5F86 6987 40A9 A871 From nobody Thu Nov 5 05:29:14 2015 Return-Path: X-Original-To: perpass@ietfa.amsl.com Delivered-To: perpass@ietfa.amsl.com Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 85EF11B2B96 for ; Thu, 5 Nov 2015 05:29:13 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -1.902 X-Spam-Level: X-Spam-Status: No, score=-1.902 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001] autolearn=ham Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id vjud3YL0-bkT for ; Thu, 5 Nov 2015 05:29:09 -0800 (PST) Received: from na01-bn1-obe.outbound.protection.outlook.com (mail-bn1on0689.outbound.protection.outlook.com [IPv6:2a01:111:f400:fc10::689]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 7648D1B2BB5 for ; Thu, 5 Nov 2015 05:29:09 -0800 (PST) Received: from 
From: Robin Wilton
To: Joseph Hall Lorenzo
Date: Thu, 5 Nov 2015 13:28:44 +0000
Cc: perpass, Stephane Bortzmeyer
Subject: Re: [perpass] [dns-privacy] We'll have stakeholders in Great Britain...

Have you heard the English expression “dog’s breakfast”?

R

From nobody Wed Nov 11 02:28:15 2015
Date: Wed, 11 Nov 2015 11:26:09 +0100
From: Stephane Bortzmeyer
To: perpass@ietf.org
Subject: [perpass] [iesg-secretary@ietf.org: Last Call: (DNS query name minimisation to improve privacy) to Experimental RFC]

It's a work which started in perpass (DNS privacy) so some people here
may be interested in this IETF-wide Last Call.

Subject: Last Call: (DNS query name minimisation to improve privacy) to Experimental RFC
From: The IESG
To: "IETF-Announce"
Date: Mon, 09 Nov 2015 18:48:51 -0800

The IESG has received a request from the Domain Name System Operations WG
(dnsop) to consider the following document:
- 'DNS query name minimisation to improve privacy'
   as Experimental RFC

The IESG plans to make a decision in the next few weeks, and solicits
final comments on this action. Please send substantive comments to the
ietf@ietf.org mailing lists by 2015-11-23. Exceptionally, comments may be
sent to iesg@ietf.org instead. In either case, please retain the
beginning of the Subject line to allow automated sorting.

Abstract

   This document describes one of the techniques that could be used to
   improve DNS privacy, a technique called "QNAME minimisation", where
   the DNS resolver no longer sends the full original QNAME to the
   upstream name server.

The file can be obtained via
https://datatracker.ietf.org/doc/draft-ietf-dnsop-qname-minimisation/

IESG discussion can be tracked via
https://datatracker.ietf.org/doc/draft-ietf-dnsop-qname-minimisation/ballot/

The following IPR Declarations may be related to this I-D:

   https://datatracker.ietf.org/ipr/2469/
   https://datatracker.ietf.org/ipr/2542/

From nobody Tue Nov 17 06:58:47 2015
ian.brad.office.comodo.net (HELO ian.brad.office.comodo.net) (192.168.0.202) by mmextmx1.mcr.colo.comodoca.net (qpsmtpd/0.84) with ESMTP; Tue, 17 Nov 2015 14:58:40 +0000 Received: (qmail 18176 invoked by uid 1000); 17 Nov 2015 14:58:40 -0000 Received: from and0004.comodo.net (HELO [192.168.0.58]) (192.168.0.58) (smtp-auth username rob, mechanism plain) by ian.brad.office.comodo.net (qpsmtpd/0.40) with (AES128-SHA encrypted) ESMTPSA; Tue, 17 Nov 2015 14:58:40 +0000 To: Robin Wilton , Joseph Hall Lorenzo References: <20151104132852.GA30149@laperouse.bortzmeyer.org> <2F62068C-93EA-4F65-B975-9D9E0534A103@isoc.org> <6CD67975-65C7-48F5-8BCB-CA5E2CC7C365@isoc.org> From: Rob Stradling Message-ID: <564B409B.3020408@comodo.com> Date: Tue, 17 Nov 2015 14:58:35 +0000 User-Agent: Mozilla/5.0 (X11; Linux i686; rv:38.0) Gecko/20100101 Thunderbird/38.3.0 MIME-Version: 1.0 In-Reply-To: <6CD67975-65C7-48F5-8BCB-CA5E2CC7C365@isoc.org> Content-Type: text/plain; charset=windows-1252; format=flowed Content-Transfer-Encoding: 8bit Archived-At: Cc: perpass , Stephane Bortzmeyer Subject: Re: [perpass] [dns-privacy] We'll have stakeholders in Great Britain... X-BeenThere: perpass@ietf.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: "The perpass list is for IETF discussion of pervasive monitoring. " List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 17 Nov 2015 14:58:46 -0000 Nice article from the Beeb: http://www.bbc.co.uk/news/technology-34842854 Some great quotes... 'Cybercrime consultant Prof Alan Woodward says the availability of encrypted systems makes the security agencies crackdown "absolutely pointless".' 'And Prof Woodward says: "There are more power outages caused by squirrels than by cyber-terrorists."' On 05/11/15 13:28, Robin Wilton wrote: > Have you heard the English expression dogs breakfast? 
>
> R
>
>
> On 5 Nov 2015, at 05:45, Joseph Lorenzo Hall wrote:
>
>> I should also point out, on a different part of the Bill, section 189,
>> "Maintenance of technical capability" requires non-UK
>> providers/companies to provide access to cleartext. e.g., this part
>> reaches non-UK folks:
>>
>> "An obligation specified in regulations under this section may be
>> imposed on, and a technical capability notice given to, persons
>> outside the United Kingdom (and may require things to be done, or not
>> to be done, outside the United Kingdom)"
>>
>> :/
>>
>> On Thu, Nov 5, 2015 at 2:08 PM, Robin Wilton wrote:
>>> It's very hard to work out exactly what UK policymakers think they are aiming for here, quite possibly because their own understanding is less than perfect.
>>>
>>> In the parliamentary debate yesterday, the Home Secretary repeatedly referred to retention of the first page or device accessed by a user.
>>>
>>> I don't think I know what that means.
>>>
>>> I also wonder, for instance, how that would work in a portal-style environment, where a single landing page could contain dynamic content elements.
>>>
>>> Nor is it clear to me whether, once I visit a site, my CSP would have to log the first connection my browser gets to each embedded third-party-served element on that page (e.g. ads, ssh sessions etc etc).
>>> If it does, there's potential for this measure to result in volumes of data that are so large as to be increasingly unusable. (Obviously, as a privacy-concerned citizen, if the interceptors drown in data, I can see an upside in that ;^) )
>>>
>>> I will be looking at the detail of the Bill over the coming days, and no doubt ISOC will be publishing some analysis, comments and conclusions.
>>>
>>> Yrs.,
>>> Robin
>>>
>>> Robin Wilton
>>> Technical Outreach Director - Identity and Privacy
>>> Internet Society
>>>
>>> email: wilton@isoc.org
>>> Phone: +44 705 005 2931
>>> Twitter: @futureidentity
>>>
>>> On 5 Nov 2015, at 04:34, Joseph Lorenzo Hall wrote:
>>>
>>>> (moving a thread from Stephane on dns-privacy here to perpass)
>>>>
>>>> I wanted to highlight for perpass the draft UK Bill [1] that dropped yesterday.
>>>>
>>>> It includes the following language in Section 71(9) that ISPs, on
>>>> notice, will need to retain the following for one year (and, yes, some
>>>> of this is completely crazypants and totally unclear how to map these
>>>> concepts onto technical concepts):
>>>>
>>>> ----
>>>>
>>>> (9) In this Part relevant communications data means communications
>>>> data which may be used to identify, or assist in identifying, any of
>>>> the following
>>>>
>>>> (a) the sender or recipient of a communication (whether or not a person),
>>>> (b) the time or duration of a communication,
>>>> (c) the type, method or pattern, or fact, of communication,
>>>> (d) the telecommunication system (or any part of it) from, to or
>>>> through which, or by means of which, a communication is or may be
>>>> transmitted,
>>>> (e) the location of any such system, or
>>>> (f) the internet protocol address, or other identifier, of any
>>>> apparatus to which a communication is transmitted for the purpose of
>>>> obtaining access to, or running, a computer file or computer program.
>>>>
>>>> In this subsection identifier means an identifier used to facilitate
>>>> the transmission of a communication.
>>>>
>>>> ----
>>>>
>>>> While the press before had highlighted this bill would require
>>>> retaining "web browsing history" it seems both somewhat worse, and
>>>> potentially Netflow data for what seems like all an ISP's subscribers.
>>>>
>>>> Wondering if others have thoughts.
>>>>
>>>> best, Joe
>>>>
>>>> [1]: https://www.gov.uk/government/uploads/system/uploads/attachment_data/file/473770/Draft_Investigatory_Powers_Bill.pdf
>>>>
>>>> ---------- Forwarded message ----------
>>>> From: Stephane Bortzmeyer
>>>> Date: Wed, Nov 4, 2015 at 10:28 PM
>>>> Subject: [dns-privacy] We'll have stakeholders in Great Britain...
>>>> To: dns-privacy@ietf.org
>>>>
>>>>
>>>> http://www.bbc.com/news/uk-politics-34715872
>>>>
>>>> The bill will force companies to hold "internet connection records"
>>>> for 12 months so they can be requested by authorities.
>>>>
>>>> Such data would consist of a basic domain address,
>>>>
>>>> _______________________________________________
>>>> dns-privacy mailing list
>>>> dns-privacy@ietf.org
>>>> https://www.ietf.org/mailman/listinfo/dns-privacy
>>>>
>>>>
>>>> --
>>>> Joseph Lorenzo Hall
>>>> Chief Technologist
>>>> Center for Democracy & Technology
>>>> 1634 I ST NW STE 1100
>>>> Washington DC 20006-4011
>>>> (p) 202-407-8825
>>>> (f) 202-637-0968
>>>> joe@cdt.org
>>>> PGP: https://josephhall.org/gpg-key
>>>> fingerprint: 3CA2 8D7B 9F6D DBD3 4B10 1607 5F86 6987 40A9 A871
>>>>
>>>> _______________________________________________
>>>> perpass mailing list
>>>> perpass@ietf.org
>>>> https://www.ietf.org/mailman/listinfo/perpass
>>>
>>
>>
>>
>>
>> --
>> Joseph Lorenzo Hall
>> Chief Technologist
>> Center for Democracy & Technology
>> 1634 I ST NW STE 1100
>> Washington DC 20006-4011
>> (p) 202-407-8825
>> (f) 202-637-0968
>> joe@cdt.org
>> PGP: https://josephhall.org/gpg-key
>> fingerprint: 3CA2 8D7B 9F6D DBD3 4B10 1607 5F86 6987 40A9 A871
>
>
>
> _______________________________________________
> perpass mailing list
> perpass@ietf.org
> https://www.ietf.org/mailman/listinfo/perpass
>

--
Rob Stradling
Senior Research & Development Scientist
COMODO - Creating Trust Online
Office Tel: +44.(0)1274.730505
Office Fax: +44.(0)1274.730909
www.comodo.com

COMODO CA Limited, Registered in England No.
04058690 Registered Office: 3rd Floor, 26 Office Village, Exchange Quay, Trafford Road, Salford, Manchester M5 3EQ

This e-mail and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the sender by replying to the e-mail containing this attachment. Replies to this email may be monitored by COMODO for operational or business reasons. Whilst every endeavour is taken to ensure that e-mails are free from viruses, no liability can be accepted and the recipient is requested to use their own virus checking software.

From nobody Tue Nov 24 10:30:04 2015
From: Dave Crocker
To: perpass, "ietf-privacy@ietf.org"
Organization: Brandenburg InternetWorking
Message-ID: <5654ACA4.2090708@dcrocker.net>
Date: Tue, 24 Nov 2015 10:29:56 -0800
Reply-To: dcrocker@bbiw.net
Subject: [perpass] Fwd: All Three Keys Under Doormats Video Posted

Folks, G'day,

Given these groups' focus on privacy and pervasive monitoring and given the latest, renewed effort by politicians to lobby for institutionalized compromise of privacy, through encryption back doors, you might find the enclosed timely.

The videos are self-explanatory. I'm hoping they prove useful for non-technical as well as technical folk seeking to understand the inherent problems with efforts to demand "exceptional access" to protected information.

d/

-------- Forwarded Message --------
...

Hello all -

All of the Keys Under Doormats videos are now posted on the public M3AAWG YouTube channel at www.youtube.com/maawg (our channel name predates the “3” in maawg).

...
Here are the specific URLs:

*Keys Under Doormats 2015 Falk Award: How and Why the Report was Developed* - https://youtu.be/TRm2LUGvGeM with Josh Benaloh and the clips of the seven other authors, including a brief introduction of the award with Michael Adkins and the award presentation by Dave Crocker

*Keys Under Doormats: Tutorial on Content and Issues* - https://youtu.be/G-R8Tti0hCA with Josh Benaloh and a brief overview of current M3AAWG Pervasive Monitoring SIG work by Janet Jones

*Keys Under Doormats: A Conversation on the Report’s Significance and Impact* - https://youtu.be/lDa5TClWh7c with Josh Benaloh and Dave Crocker

--
Dave Crocker
Brandenburg InternetWorking
bbiw.net

From nobody Tue Nov 24 12:11:06 2015
From: Derek Fawcus
To: perpass
Date: Tue, 24 Nov 2015 20:11:03 +0000
Message-ID: <20151124201103.GA9353@cowbell.employees.org>
Subject: [perpass] SMTP and SRV records

Given the current UK IPB bill, I got pondering about SMTP again.

SMTP uses MX DNS records, and so it's always known to be on port 25,
would there be much value in moving to using SRV records, such that
it could move off port 25, making TPB's task a bit more difficult?
DF

From nobody Tue Nov 24 13:25:17 2015
From: Eliot Lear
To: perpass
Date: Tue, 24 Nov 2015 22:25:03 +0100
Message-ID: <5654D5AF.50700@cisco.com>
In-Reply-To: <20151124201103.GA9353@cowbell.employees.org>
References: <20151124201103.GA9353@cowbell.employees.org>
Subject: Re: [perpass] SMTP and SRV records

Hi Derek,

What benefit would this add to the average user?

Eliot

On 11/24/15 9:11 PM, Derek Fawcus wrote:
> Given the current UK IPB bill, I got pondering about SMTP again.
>
> SMTP uses MX DNS records, and so it's always known to be on port 25,
> would there be much value in moving to using SRV records, such that
> it could move off port 25, making TPB's task a bit more difficult?
>
> DF
>
> _______________________________________________
> perpass mailing list
> perpass@ietf.org
> https://www.ietf.org/mailman/listinfo/perpass
>

From nobody Tue Nov 24 14:24:00 2015
From: Ted Lemon
To: lear@cisco.com
Cc: perpass@ietf.org
Date: Tue, 24 Nov 2015 22:23:44 +0000
Message-Id: <1448403824760-dbe4ee86-e05e8503-58e2c4c8@fugue.com>
In-Reply-To: <5654D5AF.50700@cisco.com>
References: <20151124201103.GA9353@cowbell.employees.org> <5654D5AF.50700@cisco.com>
Subject: Re: [perpass] SMTP and SRV records

Tuesday, Nov 24, 2015 4:25 PM Eliot Lear wrote:
> What benefit would this add to the average user?

It's the germ of an interesting idea. The theory would be that a sniffer at the backbone would have to listen to all traffic, not just traffic on port 25. However, it's not as good as SMTP+TLS, and has the same adoption problem, plus SMTP+TLS has a _big_ head start, so it's probably better to concentrate our efforts on making that work even better.

--
Sent from Whiteout Mail - https://whiteout.io

My PGP key: https://keys.whiteout.io/mellon@fugue.com

From nobody Tue Nov 24 14:41:10 2015
From: Ted Hardie
To: Ted Lemon
Cc: Eliot Lear
Date: Tue, 24 Nov 2015 14:41:06 -0800
In-Reply-To: <1448403824760-dbe4ee86-e05e8503-58e2c4c8@fugue.com>
References: <20151124201103.GA9353@cowbell.employees.org> <5654D5AF.50700@cisco.com> <1448403824760-dbe4ee86-e05e8503-58e2c4c8@fugue.com>
Subject: Re: [perpass] SMTP and SRV records

On Tue, Nov 24, 2015 at 2:23 PM, Ted Lemon wrote:

> Tuesday, Nov 24, 2015 4:25 PM Eliot Lear wrote:
> > What benefit would this add to the average user?
>
> It's the germ of an interesting idea. The theory would be that a sniffer
> at the backbone would have to listen to all traffic, not just traffic on
> port 25.

I don't think that's quite right. A port-specific sniffer would have to know what SMTP port was correct for a specific domain. Depending on the TTL of the record, that might turn into a table lookup for setting the sniffers rather than listening to all traffic.

That said, I rather suspect that listening to all traffic is pretty much in the program of most signals intelligence agencies anyway, because the ephemeral ports can be used by VoIP and other media traffic. DPI on that would tell you which ones were SMTP and which others pretty rapidly.

> However, it's not as good as SMTP+TLS, and has the same adoption problem,
> plus SMTP+TLS has a _big_ head start, so it's probably better to
> concentrate our efforts on making that work even better.
>
>
Yes, focusing on getting encryption underneath it seems like a better use of energy; at most, port shifting is minor security through obscurity, and that doesn't tend to give you a lot of bang for your buck.

Just my two cents,

Ted

>
> --
> Sent from Whiteout Mail - https://whiteout.io
>
> My PGP key: https://keys.whiteout.io/mellon@fugue.com
> _______________________________________________
> perpass mailing list
> perpass@ietf.org
> https://www.ietf.org/mailman/listinfo/perpass
>
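The trade-off weighed in the messages above, as an added example that is not part of any list message: it compares what stays readable on the wire when SMTP moves to an SRV-published port with what stays readable after STARTTLS. The flows, host names, addresses and the `_smtp._tcp` SRV label are constructed assumptions; the thread does not name a label.

```python
"""Port shifting vs. STARTTLS: what stays readable on the wire.

All flows, host names and addresses below are constructed sample data.
"""
import re

# Each wire line is (direction, text): "S" = server to client, "C" = client
# to server. None stands for a ciphertext record an observer cannot read.
def cleartext_session():
    return [
        ("S", "220 mx.example.net ESMTP"),
        ("C", "EHLO sender.example.org"),
        ("S", "250-mx.example.net"),
        ("S", "250 STARTTLS"),
        ("C", "MAIL FROM:<alice@example.org>"),
        ("S", "250 OK"),
        ("C", "RCPT TO:<bob@example.net>"),
        ("S", "250 OK"),
    ]


def starttls_session():
    return cleartext_session()[:4] + [
        ("C", "STARTTLS"),
        ("S", "220 Ready to start TLS"),
        ("C", None),  # TLS handshake and everything after it is opaque
        ("S", None),
    ]


# (destination host, destination port, wire lines)
FLOWS = {
    "port25_cleartext": ("mx.example.net", 25, cleartext_session()),
    "shifted_cleartext": ("mx.example.net", 40125, cleartext_session()),
    "port25_starttls": ("mx.example.net", 25, starttls_session()),
}

# Hypothetical SRV record for the port-shifting idea, as
# (owner name, ttl, priority, weight, port, target). The label is an assumption.
SRV_RECORDS = [("_smtp._tcp.example.net", 3600, 10, 0, 40125, "mx.example.net")]

GREETING = re.compile(r"^220[ -]")
HELLO = re.compile(r"^(EHLO|HELO)\s", re.I)
ENVELOPE = re.compile(r"^(?:MAIL FROM|RCPT TO):<([^>]*)>", re.I)


def port_table(srv_records):
    """Map (target, port) -> TTL: the same DNS answer the sending MTA uses."""
    return {(target, port): ttl
            for _name, ttl, _prio, _weight, port, target in srv_records}


def port_filter_matches(table, host, port):
    """A port-keyed filter: port 25, or any port published via SRV."""
    return port == 25 or (host, port) in table


def observe(lines):
    """Return what is readable from one flow, without using its port number."""
    visible = [(d, text) for d, text in lines if text is not None]
    server = [text for d, text in visible if d == "S"]
    client = [text for d, text in visible if d == "C"]
    is_smtp = bool(server and client
                   and GREETING.match(server[0]) and HELLO.match(client[0]))
    encrypted = False
    for i, (d, text) in enumerate(lines):
        if d == "C" and text is not None and text.upper() == "STARTTLS":
            # TLS only starts if the server's next reply is a 220.
            replies = [t for dd, t in lines[i + 1:] if dd == "S"]
            encrypted = bool(replies and replies[0] and GREETING.match(replies[0]))
            break
    envelope = [m.group(1) for text in client for m in [ENVELOPE.match(text)] if m]
    return {"smtp": is_smtp, "tls": encrypted, "envelope": envelope}


def summarize():
    """Combine both views for every constructed flow."""
    table = port_table(SRV_RECORDS)
    return {name: dict(observe(lines),
                       port_filter=port_filter_matches(table, host, port))
            for name, (host, port, lines) in FLOWS.items()}


if __name__ == "__main__":
    for name, result in summarize().items():
        print(name, result)
```

The shifted-port flow is still matched by the SRV-derived table and still exposes both envelope addresses, while the STARTTLS flow remains recognisable as SMTP from its greeting but exposes no envelope.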


From nobody Tue Nov 24 22:47:39 2015
From: Eliot Lear
To: Ted Hardie, Ted Lemon
Date: Wed, 25 Nov 2015 07:47:28 +0100
Message-ID: <56555980.4000804@cisco.com>
References: <20151124201103.GA9353@cowbell.employees.org> <5654D5AF.50700@cisco.com> <1448403824760-dbe4ee86-e05e8503-58e2c4c8@fugue.com>
Subject: Re: [perpass] SMTP and SRV records

Yeah, this is what I would suggest as well, especially for SMTP. There
are a host of operational problems with attempting to vary the port.

Eliot

On 11/24/15 11:41 PM, Ted Hardie wrote:
> On Tue, Nov 24, 2015 at 2:23 PM, Ted Lemon wrote:
>
> Tuesday, Nov 24, 2015 4:25 PM Eliot Lear wrote:
> > What benefit would this add to the average user?
>
> It's the germ of an interesting idea. The theory would be that a
> sniffer at the backbone would have to listen to all traffic, not
> just traffic on port 25.
>
>
> I don't think that's quite right. A port-specific sniffer would have
> to know what SMTP port was correct for a specific domain. Depending
> on the TTL of the record, that might turn into a table lookup for
> setting the sniffers rather than listening to all traffic.
>
> That said, I rather suspect that listening to all traffic is pretty
> much in the program of most signals intelligence agencies anyway,
> because the ephemeral ports can be used by VoIP and other media
> traffic. DPI on that would tell you which ones were SMTP and which
> others pretty rapidly.
>
> However, it's not as good as SMTP+TLS, and has the same adoption
> problem, plus SMTP+TLS has a _big_ head start, so it's probably
> better to concentrate our efforts on making that work even better.
>
>
> Yes, focusing on getting encryption underneath it seems like a
> better use of energy; at most, port shifting is minor security through
> obscurity, and that doesn't tend to give you a lot of bang for your buck.
>
> Just my two cents,
>
> Ted
>
>
>
>
> --
> Sent from Whiteout Mail - https://whiteout.io
>
> My PGP key: https://keys.whiteout.io/mellon@fugue.com
> _______________________________________________
> perpass mailing list
> perpass@ietf.org
> https://www.ietf.org/mailman/listinfo/perpass
>
>

From nobody Tue Nov 24 23:11:40 2015
Date: Wed, 25 Nov 2015 07:11:28 +0000
From: Derek Fawcus
To: perpass
Message-ID: <20151125071128.GA99066@cowbell.employees.org>
In-Reply-To: <5654D5AF.50700@cisco.com>
Subject: Re: [perpass] SMTP and SRV records

On Tue, Nov 24, 2015 at 10:25:03PM +0100, Eliot Lear wrote:
> Hi Derek,
>
> What benefit would this add to the average user?

1. the snoopers have to potentially listen to all ports
2. it makes traffic analysis (for SMTP) more awkward to implement
3. doesn't require use of a certificate / encryption.

So assume that tcpinc (or SMTP+TLS) gets wide deployment,
that still leaves 1 & 2 above.

Maybe at the moment most users take advantage of an ISP's smart
host, and so there would seem to be little benefit wrt 2 above.

However one of the impacts of the IPB looks to be encouraging
more people to run their own SMTP server, or at least one with
a restricted set of users, when point 2 becomes more significant.

DF

From nobody Wed Nov 25 02:20:28 2015
From: Brian Trammell
To: Derek Fawcus
Cc: perpass
Date: Wed, 25 Nov 2015 11:19:52 +0100
Message-Id: <6FD77081-7C68-4266-9C26-3443C73F4EFA@trammell.ch>
In-Reply-To: <20151125071128.GA99066@cowbell.employees.org>
Subject: Re: [perpass] SMTP and SRV records

> On 25 Nov 2015, at 08:11, Derek Fawcus wrote:
>
> On Tue, Nov 24, 2015 at 10:25:03PM +0100, Eliot Lear wrote:
>> Hi Derek,
>>
>> What benefit would this add to the average user?
>
> 1. the snoopers have to potentially listen to all ports

This adds *zero* cost. The granularity of packet capture for most technologies I know of is interface-level. Ports don't exist here: you have to capture the packet to parse the transport header to know what the port is. Filtering on ports (e.g. with bpf) is a nice bit of syntactic sugar that allows you to have the kernel not bother you with ports you don't care about, but the work of parsing has to be done anyway.

> 2. it makes traffic analysis (for SMTP) more awkward to implement

You simply have to attempt to match SMTP over all the traffic as opposed to just that on port 25. This parallelizes *really* well, though, and I doubt this costs more than a few millipennies of AWS time per gigabit of traffic, because you can reject non-SMTP very early in the flow.

> 3. doesn't require use of a certificate / encryption.

Not necessarily a feature, but I do get that SRV record management is somewhat easier than cert management.

Don't get me wrong, using SRV records for port agility is in general a good idea; MX is simply a pre-SRV hack and it would be cool to see it deprecated (sometime in the late 2030s, perhaps). But I don't know that I'd try to sell it as a privacy technique.

Cheers,

Brian

> So assume that tcpinc (or SMTP+TLS) gets wide deployment,
> that still leaves 1 & 2 above.
>
> Maybe at the moment most users take advantage of an ISP's smart
> host, and so there would seem to be little benefit wrt 2 above.
>
> However one of the impacts of the IPB looks to be encouraging
> more people to run their own SMTP server, or at least one with
> a restricted set of users, when point 2 becomes more significant.
>
> DF

From nobody Wed Nov 25 03:52:51 2015
Date: Wed, 25 Nov 2015 11:52:48 +0000
From: Derek Fawcus
To: Brian Trammell
Cc: perpass
Message-ID: <20151125115248.GA75123@cowbell.employees.org>
In-Reply-To: <6FD77081-7C68-4266-9C26-3443C73F4EFA@trammell.ch>
Subject: Re: [perpass] SMTP and SRV records

On Wed, Nov 25, 2015 at 11:19:52AM +0100, Brian Trammell wrote:
> > On 25 Nov 2015, at 08:11, Derek Fawcus wrote:
> > On Tue, Nov 24, 2015 at 10:25:03PM +0100, Eliot Lear wrote:
> >> Hi Derek,
> >>
> >> What benefit would this add to the average user?
> >
> > 1. the snoopers have to potentially listen to all ports
>
> This adds *zero* cost. The granularity of packet capture for most technologies I know of is interface-level. Ports don't exist here: you have to capture the packet to parse the transport header to know what the port is. Filtering on ports (e.g. with bpf) is a nice bit of syntactic sugar that allows you to have the kernel not bother you with ports you don't care about, but the work of parsing has to be done anyway.
>
> > 2. it makes traffic analysis (for SMTP) more awkward to implement
>
> You simply have to attempt to match SMTP over all the traffic as opposed to just that on port 25. This parallelizes *really* well, though, and I doubt this costs more than a few millipennies of AWS time per gigabit of traffic, because you can reject non-SMTP very early in the flow.
>
> > 3. doesn't require use of a certificate / encryption.
>
> Not necessarily a feature, but I do get that SRV record management is somewhat easier than cert management.
>
> Don't get me wrong, using SRV records for port agility is in general a good idea; MX is simply a pre-SRV hack and it would be cool to see it deprecated (sometime in the late 2030s, perhaps). But I don't know that I'd try to sell it as a privacy technique.

Well, one of the characteristics of the IPB is that it seems to require ISPs
to maintain a database of all 'connections', so assume of all TCP sessions,
start/end times with src/dst addr+ports; and that TPTB can make a demand for a
record matching a set of search keys (assume dst IP, port 25).

So while the network level mechanisms may be able to monitor all traffic on the
interface, having port agility means that the request for a connection record
potentially has to ask for all connections, not just those to port 25, and that
the results are not necessarily immediately characterised as being email.

I was assuming that this would usually be in addition to encryption, not
simply a replacement for it, as such DPI detection of SMTP on a different
port would not simply be trivial. Or are you suggesting the inspector s/w
can recognise it via the pattern of encrypted packet exchanges?

The contents of the IPB seem to be about collecting information for fine
grained traffic analysis, rather than content per-se (or at least that seems
to be what it purports to be about), as such I was looking to make traffic
analysis a bit more difficult, since encryption by itself doesn't prevent it.

DF

From nobody Wed Nov 25 04:05:12 2015
To: Brian Trammell, perpass
From: Eliot Lear
Message-ID: <5655A3F2.60900@cisco.com>
Date: Wed, 25 Nov 2015 13:05:06 +0100
In-Reply-To: <20151125115248.GA75123@cowbell.employees.org>
Subject: Re: [perpass] SMTP and SRV records

Hi,

On 11/25/15 12:52 PM, Derek Fawcus wrote:
> Well, one of the characteristics of the IPB is that it seems to require ISPs
> to maintain a database of all 'connections', so assume of all TCP sessions,
> start/end times with src/dst addr+ports; and that TPTB can make a demand for a
> record matching a set of search keys (assume dst IP, port 25).
>
> So while the network level mechanisms may be able to monitor all traffic on the
> interface, having port agility means that the request for a connection record
> potentially has to ask for all connections, not just those to port 25, and that
> the results are not necessarily immediately characterised as being email.

This smells a lot more like an attempt to inhibit lawful intercept than
it does to stop a bad guy spying on email. I believe that is the wrong
goal. Moreover, we have been pleading with SPs for DECADES to block
outbound port 25 in favor of 587 so that home systems do not relay email
directly. With various BLs perhaps that advice is a little long in the
tooth, but bad guys don't need a lot of sites to fail to use BLs to get
stuff through.

Encryption combined with aggregating MSPs will obscure flows. Small SPs
may be another matter. Any evidence to the contrary that shows ability
to correlate messages in an encrypted environment would be welcome.

Eliot

From nobody Wed Nov 25 04:29:05 2015
Date: Wed, 25 Nov 2015 12:27:13 +0000
From: Derek Fawcus
To: perpass
Message-ID: <20151125122713.GC75123@cowbell.employees.org>
In-Reply-To: <5655A3F2.60900@cisco.com>
Subject: Re: [perpass] SMTP and SRV records

On Wed, Nov 25, 2015 at 01:05:06PM +0100, Eliot Lear wrote:
> Hi,
>
> This smells a lot more like an attempt to inhibit lawful intercept than
> it does to stop a bad guy spying on email.

Hardly, they can still intercept it, it would just be encrypted.

There are multiple levels of privacy:

1) A communicated with B, but the nature of the comms is uncharacterised.
2) A communicated with B (using email)
3) A communicated with B, the email had contents X

Encryption should defeat 3, leaving 1 & 2.

I'm suggesting a way to also defeat 2, or at least make its recognition
more difficult. None of these prevent 1.

This is an attempt to make bulk interception, and its offline post facto
analysis more awkward. It'll have no effect upon targeted interception.
(since there one could see the DNS queries, and know which were for SMTP).

But, if there is not interest in this; I guess I'll drop it.

DF

From nobody Wed Nov 25 05:28:30 2015
From: Robin Wilton
To: Derek Fawcus
Cc: perpass
Date: Wed, 25 Nov 2015 13:28:03 +0000
Message-ID: <7916539D-4001-40AF-8884-6573D1C89ED9@isoc.org>
In-Reply-To: <20151125122713.GC75123@cowbell.employees.org>
Subject: Re: [perpass] SMTP and SRV records

Hi Derek - Brief comment in-line...

On 25 Nov 2015, at 12:27, Derek Fawcus wrote:

> On Wed, Nov 25, 2015 at 01:05:06PM +0100, Eliot Lear wrote:
>> Hi,
>>
>> This smells a lot more like an attempt to inhibit lawful intercept than
>> it does to stop a bad guy spying on email.
>
> Hardly, they can still intercept it, it would just be encrypted.
>
> There are multiple levels of privacy:
>
> 1) A communicated with B, but the nature of the comms is uncharacterised.
> 2) A communicated with B (using email)
> 3) A communicated with B, the email had contents X
>
> Encryption should defeat 3, leaving 1 & 2.
>
> I'm suggesting a way to also defeat 2, or at least make its recognition
> more difficult. None of these prevent 1.
>
> This is an attempt to make bulk interception, and its offline post facto
> analysis more awkward. It'll have no effect upon targeted interception.
> (since there one could see the DNS queries, and know which were for SMTP).
>
> But, if there is not interest in this; I guess I'll drop it.

Whether or not this functionality ends up in an RFC or implemented, I think it is exactly this level of clarity over “levels of privacy” (and corresponding levels of protection vs levels of interception capability) that we need to be discussing as a community.

I’m sure I’m not the only one who has been depressed by a lot of the public discourse on this topic (present list definitely excepted!), and the lack of clarity/understanding demonstrated by much of it (this being a lamentable case in point: http://www.telegraph.co.uk/technology/12008689/Why-is-Silicon-Valley-helping-the-tech-savvy-jihadists.html ).

I think an important antidote to that is our own clarity about the protective mechanisms that can be applied at the various layers of the protocol stack, and the nature and extent of the protection they each provide. This is entirely in line with my understanding of RFC7258.

>
> DF

Robin Wilton
Technical Outreach Director - Identity and Privacy
Internet Society

From nobody Wed Nov 25 05:56:39 2015
To: Robin Wilton, Derek Fawcus
Cc: perpass
From: Stephen Farrell
Message-ID: <5655BE0D.4030706@cs.tcd.ie>
Date: Wed, 25 Nov 2015 13:56:29 +0000
In-Reply-To: <7916539D-4001-40AF-8884-6573D1C89ED9@isoc.org>
Subject: [perpass] commentariat (was: Re: SMTP and SRV records)

subject line change...

On 25/11/15 13:28, Robin Wilton wrote:
> I’m sure I’m not the only one who has been depressed by a lot of the
> public discourse on this topic (present list definitely excepted!),
> and the lack of clarity/understanding demonstrated by much of it
> (this being a lamentable case in point:
> http://www.telegraph.co.uk/technology/12008689/Why-is-Silicon-Valley-helping-the-tech-savvy-jihadists.html
> ).

While I agree that that kind of article is a pain, it's entirely
predictable, partly understandable but IMO, as it's an attempt to
defy logic and what are basically laws of physics (crypto is just
math in the end and the rest is a mere matter of programming), it
is also bound to fail, in most places and for most of the time.


We and others have written about why such ideas are wrong,
and will continue to do so, but I don't think we should worry
too much about every single flurry of articles like that. And
there will be such a flurry after every unfortunate or
deplorable incident, as that is also in the nature of things.

But, just to take one example, I'd bet the UK govt will wise up
somewhat when they finally get that they risk exporting their
financial services industry if they muck with crypto in the ways
that article would indicate. (I had a chat with some Irish
industrial dev. types, and that was the angle that most interested
them:-)

Cheers,
S.

PS: And anyway it's the telegraph - did we expect tech clue? :-)

From nobody Wed Nov 25 06:32:39 2015
From: Robin Wilton
To: Stephen Farrell
Cc: perpass
Date: Wed, 25 Nov 2015 14:32:17 +0000
Message-ID: <54A66AAE-6E88-4C0B-A693-B0E8B94F5E52@isoc.org>
In-Reply-To: <5655BE0D.4030706@cs.tcd.ie>
Subject: Re: [perpass] commentariat (was: Re: SMTP and SRV records)

Robin Wilton
Technical Outreach Director - Identity and Privacy
Internet Society

email: wilton@isoc.org
Phone: +44 705 005 2931
Twitter: @futureidentity

On 25 Nov 2015, at 13:56, Stephen Farrell <stephen.farrell@cs.tcd.ie> wrote:

>
> subject line change...
>
> On 25/11/15 13:28, Robin Wilton wrote:
>> I’m sure I’m not the only one who has been depressed by a lot of the
>> public discourse on this topic (present list definitely excepted!),
>> and the lack of clarity/understanding demonstrated by much of it
>> (this being a lamentable case in point:
>> http://www.telegraph.co.uk/technology/12008689/Why-is-Silicon-Valley-helping-the-tech-savvy-jihadists.html
>> ).
>
> While I agree that that kind of article is a pain, it's entirely
> predictable, partly understandable but IMO, as it's an attempt to
> defy logic and what are basically laws of physics (crypto is just
> math in the end and the rest is a mere matter of programming), it
> is also bound to fail, in most places and for most of the time.
>
> We and others have written about why such ideas are wrong,
> and will continue to do so, but I don't think we should worry
> too much about every single flurry of articles like that. And
> there will be such a flurry after every unfortunate or
> deplorable incident, as that is also in the nature of things.

Absolutely; the focus shouldn’t be on countering clueless journalists so much as ensuring that we are clear about our terms, that our discussion and outputs reflect that clarity, and that we make it easier for more and more people (in diverse audiences) to understand the relevant nuances.

>
> But, just to take one example, I'd bet the UK govt will wise up
> somewhat when they finally get that they risk exporting their
> financial services industry if they muck with crypto in the ways
> that article would indicate. (I had a chat with some Irish
> industrial dev. types, and that was the angle that most interested
> them:-)

+1… but even the “economic policy” argument can get derailed (or at least lose force) if govt types don’t get, for instance, the difference between link and E2E encrypted comms.

>
> Cheers,
> S.
>
> PS: And anyway it's the telegraph - did we expect tech clue? :-)

No. No we did not. ;^\